Would be a good hardening step for people using MW with apache who have .htaccess enabled, once we have enabled our CSP and verified that it works well.
Description
Description
Details
Details
Subject | Repo | Branch | Lines +/- | |
---|---|---|---|---|
[DNM] Set a CSP header to sandbox uploaded files | mediawiki/core | master | +88 -0 |
Status | Subtype | Assigned | Task | ||
---|---|---|---|---|---|
Open | None | T44725 Multimedia file format support (tracking) | |||
Open | None | T138665 Support SVG interactivity and animation in media-viewer | |||
Open | None | T5593 [Epic] SVG client side rendering | |||
Open | None | T208578 SVG client side rendering for specific SVGs | |||
Open | None | T134482 Beta feature for opt-in client side SVG rendering | |||
Open | None | T28508 Content Security Policy (CSP) | |||
Open | None | T239069 Give MW a .htaccess in the images directory to mirror Wikimedia's CSP settings |
Event Timeline
Comment Actions
Change 547930 had a related patch set uploaded (by Brian Wolff; owner: Brian Wolff):
[mediawiki/core@master] [DNM] Set a CSP header to sandbox uploaded files